Turn off bot detection for specific url

I am trying to turn off bot detections for specific url (JSON file). I created a rule in WAF to skip everything but did not help. What else can I do?
My goal is to allow downloading this file by anyone through cURL PHP.

Are you on a paid plan? The Bot Fight Mode, available on the free plan does not allow bypasses, you’d need to turn it off completely. BFM and SBFM are meant to be used while under attack only, and if that’s not the case you should disable it. If you are on a paid plan, make sure the domain or subdomain is proxied :orange: by Cloudflare.

I have a Pro plan. Why would it be only for under attack only? Challenge unknown bots is generally a good setting.

I have my firewall event from testing and it looks like the problem is js_detection, am I right?

"metadata": [
      "key": "ruleset_version",
      "value": "7"
      "key": "version",
      "value": "6"
      "key": "type",
      "value": "customer"
      "key": "js_detection",
      "value": "MISSING"

If it’s proxied, your rule should work. Can you share the rule expression?

It’s not easy to identify bots, let alone only bots you don’t like. A bot detection program will always result in false positives, like the one you’re facing.

Yes, it is proxied. Here is a rule expression:

it is not a false positive. I created a bot to download a specific URL to test it and CF recognized it as the bot, which is good. But for this specific URL, I want to disable this protection, so any bot can download this URL (json)

1 Like


The URI Path field only contains the path element, not the whole URL. Change that to “/feed.json” and your rule should work.


I am an idiot…thanks. I was looking everywhere but did not notice it should be URI Full


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.